OECD Open Forum on Malware
The OECD Open Forum on Malware was organized by the OECD. Panelists included:

Malware Panel Moderator – Patrik Fältström, Senior Consulting Engineer, Cisco
Systems

Colin Oliver, General Manager, DCITA, Australia

Shamsul Jafnie Shafie, Head, Information and Network Security Department, MCMC,
Malaysia

Marco Gercke/Jean-Charles de Cordes, Project manager, Council of Europe

Jonathan Curtis, Chair, MAAWG

Paul Twomey, President/CEO, ICANN

David Pollington, Director of Security, Microsoft
The Open Forum drew approximately 40-50 attendees from government, private sector, civil
society and internet technical communities.
The panel discussion brought together experts in the field of malware, spam, and
cybersecurity from government, civil society, internet service providers, the domain name
community, the private sector security community (security and software vendors), the
incident response community, and law enforcement. It aimed at raising awareness of some of
the main issues associated with malware, highlighting the main challenges to addressing
these issues and discussing possible options. The Forum also discussed the OECD’s
Analytical Report on Malware, developed in cooperation with APEC, as well as the
forthcoming Ministerial meeting on the Future of the Internet Economy (17-18 June 2008,
Seoul Korea).
Background
The OECD’s Working Party on Information Security and Privacy (WPISP) began in 2006 to
examine the issues of malware in cooperation with the Asia Pacific Economic Cooperation
Telecommunication and Information Working Group (APEC TEL). This work was undertaken
with the goal of informing policymakers of the impacts of malware, cataloguing data trends in
malware growth and evolution, examining the economics of malware and the business
models behind malicious activity involving malware, evaluating existing technical and nontechnical countermeasures to combat malware; and, outlining recommendations to fill gaps
and secure information systems from the threat of malware
Forum discussion and findings
The meeting stressed that the need to strengthen security in the online environment is more
pressing than ever due to the continued growth of economic and social activities conducted
over the Internet and the increased severity and sophistication of cybercrime activity.
Participants noted the importance of a multi-stakeholder and cross-border approach,
bringing together governments and enforcement authorities in different countries, internet
service providers, software developers, the incident response community etc.
Panelists discussed the mechanisms that exist within various communities for responding to
cyber attacks using malware as well as to identify gaps to those responses. Many questions
and comments were raised during the panel-audience discussion.
Based on that, the Chair summarized a number of findings:

A wide variety of actors is combining malware, but still we have a fragmented
local response to a global threat. More structured collective action – within and
across communities, including ISPs, DN community, end users, business, CSIRTs,
and law enforcement – seems to be needed to address malware, and cooperation
must occur at the global level. It is not enough for one country to effectively self
organise if others do not do so as well.

There's a need for partnerships that brings the actors together, and to identify
and promote best practices. The main issues are how to foster a consistent approach
to combating malware, and how can governments and the private sector most
effectively cooperate.

Improving domestic frameworks and cross-border cooperation is essential. This
include, for example, the need to review policy and legal framework; coordinate roles
and responsibilities of domestic authorities/agencies and other stakeholders; improve
mechanisms for cross-border cooperation , increase information sharing and incident
response; foster cooperation between all stakeholders.

Economic structures and incentives to stimulate market players to take actions
against malware need to be analysed and – if necessary – adjusted.

Proactive prevention strategies should be promoted. These include the reduction
of software vulnerabilities, the increase of awareness raising and education initiatives,
continuous updating of standards and guidelines, and initiatives to encourage R&D in
the field.

Cooperative partnerships for response need to be supported (for example
CSIRTs could share points of contact and work collectively to improve information
sharing).

The development of codes of practice is essential (e.g. by ISPs, or DNRs)

The measurement of malware and its impacts is not sufficient, and the
development of better data in the field should be promoted.

There are various additional issues that should be addressed, such as legal cover for
ISPs, industry relationship with consumers, effective law enforcement, and
cooperation at the international level, in particular to facilitate the dissemination of
information and follow up on implementation of collaborative initiatives.
Follow-up
These conclusions and the panel discussion provided an input to the OECD and APEC work
on Malware, and were taken into account in the Report on Malware which is available on the
OECD website www.oecd.org/sti/security-privacy